As the range of cyberthreats to enterprises increases in sophistication, so do the defences offered by security vendors.
One of the newest, Cyphort Inc., has added the ability to rank threats it catches through its advanced threat malware detection engine.
“What’s the point of telling an enterprise ‘here are thousands of incidents to look at?’” CEO Manoj Leelanivas asked in an interview. “You have to sift through the data and find out what is meaningful and what is not. We believe in prioritizing threats, not only in severity but also the context in the environment. For example, if the threat is affecting CEO desktop it is much more high priority than the laptop of a partner. If it’s going after the crown jewels we raise the priority.”
The capability is one of several new features added this week to version 3.0 of the software suite. Cyphort runs on a customer-supplied Linux server or virtual machine.
The platform’s new capability ranks malware by its severity, progression, and its relevance within the enterprise.
Other new features include integration with next-generation firewalls from Palo Alto Networks and with Blue Coat ProxySG appliances. Administrators can selectively add or remove threat data on those devices to update existing blocking rules or other security policies.
There’s also a new dashboard that presents threat information better than previous versions of the suite. The company says security teams will be able to identify which threats need attention first.
Cyphort protects all devices on a network through a free collector, which can be placed at as many points as the customer wants. Its core detection engine starts at US$27,500, the base price for 100 Mbps, and goes up from there based on the aggregate bandwidth protected. There’s an annual fee for the company’s online threat network service, which adds real-time threat intelligence and malware updates.
At the moment it can only be bought direct. However, Leelanivas said he has just hired a channel manager and will be looking for security system integrators to resell the suite.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self-propagating to infect more and more systems and eventually forming a "botnet."